---
title: Azure SAML Auth
description: Configure SAML authentication for Nx Cloud Enterprise with Azure
filter: 'type:Guides'
---

1. Create a new enterprise app

   ![Create new enterprise application in Azure](../../../../assets/enterprise/single-tenant/saml/azure_1.png)

   ![Select create your own application](../../../../assets/enterprise/single-tenant/saml/azure_2.png)

2. Choose "Create your own":

   ![Choose create your own application option](../../../../assets/enterprise/single-tenant/saml/azure_3.png)

3. Give it a name

   ![Enter enterprise application name](../../../../assets/enterprise/single-tenant/saml/azure_4.png)

4. Assign your users and/or groups to it:

   ![Assign users and groups to application](../../../../assets/enterprise/single-tenant/saml/azure_5.png)

5. Then set-up SSO

   ![Set up single sign-on](../../../../assets/enterprise/single-tenant/saml/azure_6.png)

6. And choose SAML:

   ![Select SAML authentication method](../../../../assets/enterprise/single-tenant/saml/azure_7.png)

7. Add these configuration options

   1. Configure the Identifier **exactly** as `nx-private-cloud`
   2. For the **Reply URL**, it should point to your Private Cloud instance URL. Make sure it ends with `/auth-callback`

   ![Configure SAML identifier and reply URL](../../../../assets/enterprise/single-tenant/saml/azure_8.png)

8. Scroll down and manage claims:

   ![Manage SAML attribute claims](../../../../assets/enterprise/single-tenant/saml/azure_9.png)

9. The first row should be the `email` claim, click to Edit it:

   ![Edit email claim configuration](../../../../assets/enterprise/single-tenant/saml/azure_10.png)

10. Configure it as per below

    1. **"Namespace"** needs to be blank
    2. **"Name:"** needs to be "email"
    3. See screenshot below. This is an important step, because Nx Cloud will expect the "email" property on each profile that logs in.

    ![Set email claim name and namespace](../../../../assets/enterprise/single-tenant/saml/azure_11.png)

    Make sure your application user profile exposes the email address under `user.mail`. This can be configured in `Users and Groups` in the Azure portal. Alternatively, you can always configure the `email` claim to use a different property under the `user` object.

11. Under `SAML Certificates`, click the pencil icon to edit

    ![Edit SAML certificate signing options](../../../../assets/enterprise/single-tenant/saml/azure_12.png)

    For **Signing Option**, select **Sign SAML response and assertion**

    ![Select sign SAML response and assertion](../../../../assets/enterprise/single-tenant/saml/azure_13.png)

    Then click **Save** and close the popover.

12. Download the certificate in **Base64**:

    ![Download Base64 certificate](../../../../assets/enterprise/single-tenant/saml/azure_14.png)

13. Extract the downloaded certificate value as a one-line string:
    1. `awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' azure_cert_file.cer`
    2. We'll use this later
14. Copy the Login URL:

    ![Copy login URL from Azure portal](../../../../assets/enterprise/single-tenant/saml/azure_15.png)

15. Save the following information to send to your DPE:
    1. `SAML_CERT=<your-cert-string-from-above>`
    2. `SAML_ENTRY_POINT=<your-login-url-from-above>`

## Connect Your Nx Cloud Installation to Your SAML Set Up

Contact your developer productivity engineer to connect your Nx Cloud instance to the SAML configuration.
